Spotify Linux built against insecure/unsupported openssl/libssl 1.0.0??

Why is the latest Spotify client for Linux built against an unsupported, vulnerable version of openssl?? Whoever is responsible for maintaining the .deb package, could you please switch to building it against a non-discontinued/patched version of openssl?? Like say openssl 1.0.2 or 1.1.x ... That would be awesome.

Thank you!

7 Replies

Known problem for half a year.

Very bad on their side.

EDIT: or better, I think I got libcurl to compile (and work) just fine even with 1.0.2k.. Though it wouldn't hurt if they could update to 1.1

I don't see why they can't build a .rpm for this for CentOS/Fedora users also, in addition to the .deb installer....seems like they are just being lazy, I would do it if I had access to the source...tried converting the .deb to an .rpm using alien and checking the file paths with rpmrebuild and they seem fine... trying to install on CentOS 7.x and keep getting very strange dependency errors when most all of the dependencies should be detected as they are already installed....just build an .rpm from the source for non-Debian users please...lazy...we pay for this service, I get the Linux client is "not officially supported" but what's the problem with making it available for most/all flavors of Linux and using up-to-date code to build the packages...sloppy.

http://negativo17.org/spotify-client/

https://github.com/alexlarsson/spotify-app

If your distro has no easy way to automate/redistribute others' packages, try not to complain here and go OT.

AFAIK the clients you shared in those links are not the same client code that is packaged in the spotify repo for Debian/Ubuntu users...is that not true? I may be mistaken but if not I will complain in the OT instead if so. If it is the same client then THANK YOU!

It looks like those are flatpak repositories - they bundle all the dependencies with the code, instead of using up-to-date versions. It doesn't really solve the original issue (libsslv1.0.0 is out of date and unsafe, to the extent that distributions no longer carry it) but should provide a functioning installation.

It looks like Ubuntu just uses 1.0.0 to refer to all 1.0.x, and Ubuntu is their target distro.  Main thread on this issue with workarounds for various platforms here: https://community.spotify.com/t5/Desktop-Linux-Windows-Web-Player/The-return-of-the-libssl-trouble-o...

Spotify 1.0.69 in the testing repository now (soon stable) can dynamically load different versions of libcrypto.so (from the libssl* packages).
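
Since the thread notes that the `1.0.0` library name can stand for any 1.0.x release, the file name alone does not show which OpenSSL release a client will load. The following is an added example, not part of the thread and not Spotify's code: it reads the version banner that OpenSSL libraries embed and checks it against the branches the original post asks for (1.0.2 or 1.1.x). The function names, the sample library names and the sample bytes are constructed for illustration.

```python
import re
import sys

# Banner compiled into OpenSSL libraries, e.g. b"OpenSSL 1.0.2g  1 Mar 2016".
BANNER = re.compile(rb"OpenSSL (\d+)\.(\d+)\.(\d+)([a-z]*)\s+\d{1,2} [A-Z][a-z]{2} \d{4}")


def embedded_version(blob):
    """Return (major, minor, fix, letter) from the first banner in blob, or None."""
    match = BANNER.search(blob)
    if match is None:
        return None
    major, minor, fix, letter = match.groups()
    return int(major), int(minor), int(fix), letter.decode("ascii")


def meets_thread_request(version):
    """True for 1.0.2* or 1.1.*, the branches the original post asks for.
    This threshold is an assumption taken from the thread, not a support policy."""
    if version is None:
        return False
    return version[:3] == (1, 0, 2) or version[:2] == (1, 1)


def audit(libraries):
    """Map each library name to (version text, meets_thread_request)."""
    report = {}
    for name, blob in libraries.items():
        version = embedded_version(blob)
        text = "unknown" if version is None else "%d.%d.%d%s" % version
        report[name] = (text, meets_thread_request(version))
    return report


# Constructed sample data: fake library contents that only imitate the banner.
# Two files share the name libcrypto.so.1.0.0 but carry different releases.
SAMPLES = {
    "distro-a/libcrypto.so.1.0.0": b"\x7fELF\x00\x01" + b"OpenSSL 1.0.0t  3 Dec 2015\x00",
    "distro-b/libcrypto.so.1.0.0": b"\x7fELF\x00\x01" + b"OpenSSL 1.0.2g  1 Mar 2016\x00",
    "distro-c/libcrypto.so.1.1": b"\x7fELF\x00\x01" + b"OpenSSL 1.1.0g  2 Nov 2017\x00",
    "distro-d/libfoo.so.1": b"\x7fELF\x00\x01no banner here\x00",
}

if __name__ == "__main__":
    # With file paths as arguments, audit real libraries; otherwise use the samples.
    libs = {p: open(p, "rb").read() for p in sys.argv[1:]} or SAMPLES
    for name, (text, ok) in sorted(audit(libs).items()):
        print("%-32s OpenSSL %-8s %s" % (name, text, "ok" if ok else "CHECK"))
```

Run it with the path of an installed libcrypto or libssl file as an argument to audit a real system; with no arguments it prints the result for the constructed samples.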
